Remoting Best Practices for CloudBees CI on Traditional Platforms

A - Agents Protocols: Recommended setup (default in 2.73.1+)

B - Disable Enable CLI over Remoting see Remoting Connection Mode.

C - Enable Agent → Controller Access Control

To setup SSH connected agents, follow How to Connect to Remote SSH Agents?.

To install Windows agents as a service, follow How to install Windows agents as a service?.

Built-In Node (formerly known as "master" node) should be configured as:

Building jobs on the built-in node can cause performance issues on the controller, but it also is a security issue, as anyone who can configure jobs could read/write/delete any files in the JENKINS_HOME of the controller.

For all other build agents:

If you are considering using multiple executor slots, ensure that you have designed your jobs to not overwhelm the build agent and cause build times to be impacted (for example, if you encounter a bottleneck with CPU, disk I/O, RAM, etc). One way to avoid bottlenecks is to split up the machine that is running an agent with 20 executors, into 20 virtual machines, each running one executor each. That would ensure that a consistent amount of CPU/RAM/disk would be available to any build that runs on that agent, and generally (though it depends on the specific settings you used on your virtualization software) your build times would be consistent.

Setting the executor count on an agent to a value too high could cause builds on that agent to behave in an unexpected way when the machine is overloaded (taking longer than normal, OutOfMemory exceptions, too many open files).

For Inbound Agents is recommended to use WebSocket to connect to the Jenkins controller rather than the TCP port. See JEP-222 for background.